Search This Blog

Monday, 30 June 2025

External SAP HANA PSE File and Certificate Management

External SAP HANA PSE File and Certificate Management

Certificates can also be stored and managed within files located in the file system of the SAP HANA instance. 


By default, they’re stored in the following path:

/hana/shared/<SID>/HDB<instance number>/<host name>/sec



you’ll find several files with a .pse extension. For example:

sapsrv.pse

saplogon.pse

sapslcs.pse

sapsys.pse

sap_system_pki_instance.pse

sap_system_pki_internal.pse

sapsrv_internal.*.pse


Each file has an intended purpose,
1.authentication 
2.TLS secure communication.



There are two main ways to configure PSE files:

1. Command-line using SAPGENPSE tool


2. Web-based SAP Web Dispatcher Administration GUI

*using SAP web dispatcher tool, we can manage .pse certificates effectively.


To access the Web Dispatcher Admin GUI, the user must have the role:
sap.hana.xs.wdisp.admin::WebDispatcherAdmin

Access URL example:

http://<SAP_HANA_XS_HOST>:80(<instance #>)/sap/hana/xs/wdisp/admin/

Example:

http://w4-dh-hana19e-corp.root.internal.com:8000/sap/hana/xs/wdisp/admin

Authentication is required with SAP HANA internal user credentials.

the landing page will default to the SAP web dispatcher monitor.on the leftside,MENU -->PSE management-->just under the SSL and trust configuration.

The interface has a Manage PSE dropdown where you select the PSE file to manage.

With a PSE selected, the following actions are available:

Interface Option | Description

Recreate PSE
When selected, the active PSE file will be reset to a default state. All certificates will also be removed from the trust store.

Delete PSE
To delete a PSE from the file system, select the PSE file in the Manage PSE dropdown menu, then select this option.

Create New PSE
Used to create a new PSE. When clicked, a new window will appear, allowing you to define the PSE encryption algorithm, key length, distinguished name, and file name.

Export Own Certificate
When selected, a new window will appear containing the certificate of the selected PSE file.

Create CA Request
When selected, a new window will appear containing the certificate request text. Copy this text to a certificate authority to generate a new certificate response.

Import CA Response
When selected, a new window will appear containing a text entry block in which the certificate response text can be pasted or entered.

Import Certificate
When selected, a new window will appear containing a text entry block in which a trusted certificate’s text can be pasted or entered.





Ram Naveen at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)